Windows Analysis Report
Scan.eml

Overview

General Information

Sample name: Scan.eml
Analysis ID: 1529172
MD5: 90e846a4c722b19592cdd3801b10e098
SHA1: ea3b7bcc4ced127ad73cafe05026204107f87c43
SHA256: 9d8b0c98d33bd9ae8c3959e331d7ba4e3665e5318d3a759b14575be369ab714a

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 8124 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Scan.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2928 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6905CA56-0DBE-45BE-B185-4C7F4BCE2084" "6126A9A0-BD64-40E7-8AA6-D088F06840D5" "8124" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 8124, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://webshell.suite.office.com
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://wus2.contentsync.
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drString found in binary or memory: https://www.yammer.com
Source: classification engine, Classification label: clean1.winEML@3/11@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241008T1131160540-8124.etl
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Scan.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6905CA56-0DBE-45BE-B185-4C7F4BCE2084" "6126A9A0-BD64-40E7-8AA6-D088F06840D5" "8124" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Behavior graph (image not preserved): Behavior Graph ID: 1529172, Sample: Scan.eml, Startdate: 08/10/2024, Architecture: WINDOWS, Score: 1. Process tree: OUTLOOK.EXE started ai.exe.

No Antivirus matches
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                • URL Reputation: safe
                unknown
                https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                • URL Reputation: safe
                unknown
                https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                • URL Reputation: safe
                unknown
                https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                • URL Reputation: safe
                unknown
                https://d.docs.live.net4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                  unknown
                  https://safelinks.protection.outlook.com/api/GetPolicy4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://ncus.contentsync.4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    unknown
                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    http://weather.service.msn.com/data.aspx4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://apis.live.net/v5.0/4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://officepyservice.office.net/service.functionality4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://templatesmetadata.office.net/4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://messaging.lifecycle.office.com/4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://mss.office.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://pushchannel.1drv.ms4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://management.azure.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://outlook.office365.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://wus2.contentsync.4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://incidents.diagnostics.office.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://clients.config.office.net/user/v1.0/ios4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://make.powerautomate.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.addins.omex.office.net/api/addins/search4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://insertmedia.bing.office.net/odc/insertmedia4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://outlook.office365.com/api/v1.0/me/Activities4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.office.net4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://incidents.diagnosticssdf.office.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://asgsmsproxyapi.azurewebsites.net/4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://clients.config.office.net/user/v1.0/android/policies4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://entitlement.diagnostics.office.com4B7CF06E-D3AE-4335-AF0B-033ABC29C5AE.1.drfalse
                    • URL Reputation: safe
                    unknown
                    No contacted IP infos
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1529172
                    Start date and time:2024-10-08 17:30:06 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 4m 44s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:7
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Scan.eml
                    Detection:CLEAN
                    Classification:clean1.winEML@3/11@0/0
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .eml
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 20.190.159.75, 40.126.31.67, 20.190.159.4, 20.190.159.73, 20.190.159.0, 20.190.159.2, 20.190.159.68, 20.190.159.23, 52.109.89.18, 52.113.194.132, 20.189.173.23
                    • Excluded domains from analysis (whitelisted): ecs.office.com, prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, otelrules.afd.azureedge.net, prod.configsvc1.live.com.akadns.net, weu-azsc-config.officeapps.live.com, s-0005-office.config.skype.com, login.msa.msidentity.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, azureedge-t-prod.trafficmanager.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, onedscolprdwus16.westus.cloudapp.azure.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: Scan.eml
                    No simulations
                    Input | Output
                    URL: Email Model: jbxai
                    {
                    "brand":[],
                    "contains_trigger_text":false,
                    "trigger_text":"",
                    "prominent_button_name":"unknown",
                    "text_input_field_labels":"unknown",
                    "pdf_icon_visible":false,
                    "has_visible_captcha":false,
                    "has_urgent_text":false,
                    "text":"U ontvangt niet vaak e-mail van almere3@dutchlilymasters.nl. Ontdek waarom dit belangrijk is",
                    "has_visible_qrcode":false}
                    No context
                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    s-part-0017.t-0009.t-msedge.net | https://1drv.ms/w/c/3e7c84f1a590a3e6/IQStDJr3bMEwQZDK5oU6uNI1AXa25ZxVanY0bWjgRrRk-d4 | Get hash | malicious | Unknown | Browse | 13.107.246.45
                     | paymentremittanceinformationCQDM.html | Get hash | malicious | Unknown | Browse | 13.107.246.45
                     | mEudzoO1bG.exe | Get hash | malicious | FormBook | Browse | 13.107.246.45
                     | 15PylGQjzK.exe | Get hash | malicious | LummaC, Vidar | Browse | 13.107.246.45
                     | Ji7kZhlqxz.exe | Get hash | malicious | LummaC, Vidar | Browse | 13.107.246.45
                     | 90g7XddjcS.exe | Get hash | malicious | Unknown | Browse | 13.107.246.45
                     | https://www.google.com.bo/url?url=https://coqjcqixwpeuzndc&hpj=jguragr&fwbtzg=qoe&ffzzf=olnshn&aes=fvotjnl&garqe=txbrxc&emrj=ycbtmrgd&uwzlcgsurn=eygnbnharg&q=amp/jhjn24u.v%C2%ADvg%C2%ADzy%C2%ADnp%C2%ADe%C2%ADw%C2%ADl%C2%ADkkukl.com%E2%80%8B/4b3puorbt&vijx=zlglfoj&qcobrch=pupf&cjaim=omgedz&guneqiu=xqm&d=DwMFAg | Get hash | malicious | Unknown | Browse | 13.107.246.45
                     | SecuriteInfo.com.Win32.Agent-BEAA.9093.11707.dll | Get hash | malicious | Unknown | Browse | 13.107.246.45
                     | PO20241008.xls | Get hash | malicious | Unknown | Browse | 13.107.246.45
                     | Request for Quotation Plug Valve.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 13.107.246.45
                    No context
                    No context
                    No context
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):231348
                    Entropy (8bit):4.373475887019014
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):177810
                    Entropy (8bit):5.287202150381058
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-08T15:31:20">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):32768
                    Entropy (8bit):0.04489304881463721
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:SQLite Write-Ahead Log, version 3007000
                    Category:modified
                    Size (bytes):49472
                    Entropy (8bit):0.48155780247412566
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):1604
                    Entropy (8bit):1.2163236945025115
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with very long lines (28765), with CRLF line terminators
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.1609987602288855
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/08/2024 15:31:17.056.OUTLOOK (0x1FBC).0x1FC0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-10-08T15:31:17.056Z","Contract":"Office.System.Activity","Activity.CV":"apMioRaiJkeJH0o+s9N9NA.4.9","Activity.Duration":18,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/08/2024 15:31:17.071.OUTLOOK (0x1FBC).0x1FC0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-10-08T15:31:17.071Z","Contract":"Office.System.Activity","Activity.CV":"apMioRaiJkeJH0o+s9N9NA.4.10","Activity.Duration":16707,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.0
                    Encrypted:false
                    Malicious:false
                    Reputation:high, very likely benign file
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):4.494208953917748
                    Encrypted:false
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):30
                    Entropy (8bit):1.2389205950315936
                    Encrypted:false
                    Malicious:false
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:Microsoft Outlook email folder (>=2003)
                    Category:dropped
                    Size (bytes):271360
                    Entropy (8bit):2.3945076473495814
                    Encrypted:false
                    Malicious:false
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):131072
                    Entropy (8bit):2.8778899577120005
                    Encrypted:false
                    Malicious:false
                    File type:RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
                    Entropy (8bit):5.602121332317704
                    TrID:
                    • E-Mail message (Var. 5) (54515/1) 100.00%
                    File name:Scan.eml
                    File size:25'382 bytes
                    MD5:90e846a4c722b19592cdd3801b10e098
                    SHA1:ea3b7bcc4ced127ad73cafe05026204107f87c43
                    SHA256:9d8b0c98d33bd9ae8c3959e331d7ba4e3665e5318d3a759b14575be369ab714a
                    SHA512:40ac503ded0e50c0c0c18f844601b4d3940a9b62f0f2b2d47de1c80794b47093cce13c77d6059f542727231e5c49f77fcffcc1e154ab442c2e1221454a48f33a
                    SSDEEP:384:LtKV1yusA3qp6b5InqXjFoG1YPmvQYJNjASz61To/BImKlq81H:exb6ngoGqPMQYISz61To/BImKlqc
                    TLSH:BFB28F17FBD01820DE9B59A45903BB7E7B3859D78F224C7024CAAB7D074DCEB9AC4648
                    File Content Preview:Received: from AM8PR07MB7346.eurprd07.prod.outlook.com (2603:10a6:20b:24d::17).. by AM0PR07MB6227.eurprd07.prod.outlook.com with HTTPS; Tue, 8 Oct 2024.. 09:08:11 +0000..Received: from DU2PR04CA0087.eurprd04.prod.outlook.com (2603:10a6:10:232::32).. by AM
                    Subject:Scan
                    From:Scanner|Verhagenleiden
                    To:Jurrien van der Vooren <Jurrien@verhagenleiden.nl>
                    Cc:
                    BCC:
                    Date:Tue, 08 Oct 2024 09:07:36 +0000
                    Communications:
                    • U ontvangt niet vaak e-mail van almere3@dutchlilymasters.nl. Ontdek waarom dit belangrijk is<https://aka.ms/LearnAboutSenderIdentification>
                    Attachments:
                    • scan.html
                    Key: Value
                    Received: from seq1-0023 (45.11.180.223) by DB3PEPF0000885B.mail.protection.outlook.com (10.167.242.6) with Microsoft SMTP Server id 15.20.8048.13 via Frontend Transport; Tue, 8 Oct 2024 09:07:38 +0000
                    From: Scanner|Verhagenleiden
                    To: Jurrien van der Vooren <Jurrien@verhagenleiden.nl>
                    Subject: Scan
                    Thread-Topic: Scan
                    Thread-Index: AQHbGWGZ1H787eOQa0uGWDCrQ6xchQ==
                    Date: Tue, 08 Oct 2024 09:07:36 +0000
                    Message-ID: <172837845654.125352.12461982949503127540@seq1-0023>
                    Reply-To: Noreply <noreply@verhagenleiden.nl>
                    Content-Language: nl-NL
                    X-MS-Exchange-Organization-AuthSource: DB5PEPF00014B93.eurprd02.prod.outlook.com
                    X-MS-Has-Attach: yes
                    X-MS-Exchange-Organization-Network-Message-Id: cc93faaf-652e-40c1-56a6-08dce778b974
                    X-MS-TNEF-Correlator:
                    X-MS-Exchange-Organization-RecordReviewCfmType: 0
                    x-ms-publictraffictype: Email
                    dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dutchlilymasters.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RY+DTdpm6/n9DjvexDmHE7Vh7TxEtsye8rM/fTw1tN0=; b=UxVHvy6KKCixKy8M0HiCNOg3w0DpKzz+WEgw0B6ANbKDG1j4lxNGbpyQgYjjU7malPVpRCe5LrTvZBVYRCQPz/n2HtZ0KBaBBXtGTLeiTmvM5NodHxSBstdDOcD+sGuLAp/6r0T6LZt4Bb4R6/Z3vxZHj7dtV3Mz4vQNtXCs0l99VEJljVoMjY5Vsoxf8mO53i8fJmeHY4ZEAjCV24WIlNVtSQeywX8tuMhNnEVs8CeSIyR3zMav5FQp4Wlcq3pj9KYSkUGjJhd9aZ1xF12hraNF69DSFxh5L1PXrEYcVBe+bF8klMf9rHU91eaFsarX6ujS9RREOuDn7s7uIxF6Mw==
                    authentication-results: spf=pass (sender IP is 52.101.69.96) smtp.mailfrom=dutchlilymasters.nl; dkim=pass (signature was verified) header.d=dutchlilymasters.nl;dmarc=bestguesspass action=none header.from=dutchlilymasters.nl;compauth=pass reason=109
                    received-spf: Fail (protection.outlook.com: domain of dutchlilymasters.nl does not designate 45.11.180.223 as permitted sender) receiver=protection.outlook.com; client-ip=45.11.180.223; helo=seq1-0023;
                    x-forefront-antispam-report: CIP:52.101.69.96;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM0PR83CU005.outbound.protection.outlook.com;PTR:mail-westeuropeazon11020096.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(35042699022)(1580799027)(2722699018)(38000299018)(43540500003);DIR:INB;SFTY:9.25;
                    x-ms-exchange-organization-originalclientipaddress: 52.101.69.96
                    x-ms-exchange-organization-originalserveripaddress: 10.167.8.231
                    x-ms-office365-filtering-correlation-id: cc93faaf-652e-40c1-56a6-08dce778b974
                    x-ms-traffictypediagnostic: DB3PEPF0000885B:EE_|AS8PR01MB7192:EE_|DB5PEPF00014B93:EE_|AM8PR07MB7346:EE_|AM0PR07MB6227:EE_
                    x-microsoft-antispam: BCL:0;ARA:13230040|35042699022|1580799027|2722699018|38000299018|43540500003;
                    x-ms-exchange-crosstenant-originalarrivaltime: 08 Oct 2024 09:08:07.2331 (UTC)
                    x-ms-exchange-crosstenant-fromentityheader: Internet
                    x-ms-exchange-crosstenant-id: d94a64f7-5742-4519-8f08-304cb101a4de
                    x-ms-exchange-crosstenant-authsource: DB5PEPF00014B93.eurprd02.prod.outlook.com
                    x-ms-exchange-crosstenant-authas: Anonymous
                    x-ms-exchange-crosstenant-network-message-id: cc93faaf-652e-40c1-56a6-08dce778b974
                    x-ms-exchange-transport-crosstenantheadersstamped: AM8PR07MB7346
                    x-eopattributedmessage: 1
                    x-ms-exchange-transport-endtoendlatency: 00:00:04.5667191
                    x-ms-exchange-processed-by-bccfoldering: 15.20.8026.020
                    x-ms-exchange-atpmessageproperties: SA|SL
                    x-ms-exchange-senderadcheck: 1
                    arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xCwz1WL22xTCEwXTXilEEEqjvVSc0+63pAf2YuBnG8qHld0p+jeYNduOZzOLTJpbQutTfBmxapOv8lulM66vZUMEjvZU6pHjnFHfRUl9ssMlXdylDQoIJSgj1KGOtzNyHlaJ+Iy5NXtOtk1L4oVybn8MfwCJ4/z8UPEc3DBTRbdngkmzutKOdv6S/YVdncjXMsPJ+gQNADTd062RFCn+Ed49e/a/c+PT0vOCfAmMXJM7Z1zaMbIn6fzwsfMKR2wadgEGrs+khZH5zMG9F68yqaIiFt5Sv/UVFxkWkrAI8nr9v/LsUgVJG5sGpnNyAd9jt0auO9aSa8zdvsckMNlGDg==
                    arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RY+DTdpm6/n9DjvexDmHE7Vh7TxEtsye8rM/fTw1tN0=; b=iOICdlKg1R+fNnrTCco2yqnJ5xzEO/nuUv9zxmb7rvqbNgR0ywIYw+YbWZ5fPl+yvrcZG8SWVEpdqYCm0nzRUWwjmYGs4Pot5kJ2GX791X+bliD9pGbyoxe/gW3fusWD5vhSeT5jGjWnkdj2eAHK6GID7Mp6A7txafZj2ejdepgyA68IEZ5zd1VfT3fRqD883fMO8zy7bR5//rNUpOiWk59LPfCbXL5SqaHhTzKeZYBspW7XffuJtPylBI9DXWcWFm5CjsuCgr2ZHOciHbjIxIdTQOtrYfva4aTsFUa8+3UqALY0N442JSY4/BLUbiLrCfOHKsAvQDpIJoKdYUcrBg==
                    arc-authentication-results: i=1; mx.microsoft.com 1; spf=fail (sender ip is 45.11.180.223) smtp.rcpttodomain=verhagenleiden.nl smtp.mailfrom=dutchlilymasters.nl; dmarc=none action=none header.from=dutchlilymasters.nl; dkim=none (message not signed); arc=none (0)
                    x-forefront-antispam-report-untrusted: CIP:45.11.180.223;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:seq1-0023;PTR:mailsystem.sbg-7.prod.pressezentrum-kuglhof.at;CAT:NONE;SFS:(13230040)(82310400026)(61400799027)(34020700016)(36860700013)(376014)(1580799027);DIR:OUT;SFP:1102;
                    x-microsoft-antispam-untrusted: BCL:0;ARA:13230040|82310400026|61400799027|34020700016|36860700013|376014|1580799027;
                    x-microsoft-antispam-message-info-original:
                    x-ms-exchange-transport-crosstenantheadersstripped: DB5PEPF00014B93.eurprd02.prod.outlook.com
                    x-ms-office365-filtering-correlation-id-prvs: 24f09e3f-f878-4d89-a561-08dce778a897
                    x-ms-exchange-antispam-relay: 0
                    x-eoptenantattributedmessage: d94a64f7-5742-4519-8f08-304cb101a4de:0
                    x-ms-exchange-transport-crosstenantheaderspromoted: DB5PEPF00014B93.eurprd02.prod.outlook.com
                    X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                    X-Microsoft-Antispam-Message-Info:
                    Content-Type: multipart/mixed; boundary="_004_17283784565412535212461982949503127540seq10023_"
                    Importance: high
                    X-Priority: 1
                    MIME-Version: 1.0

                    Icon Hash:46070c0a8e0c67d6
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Oct 8, 2024 17:31:08.924596071 CEST | 1.1.1.1 | 192.168.2.7 | 0x29e7 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                    Oct 8, 2024 17:31:08.924596071 CEST | 1.1.1.1 | 192.168.2.7 | 0x29e7 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false

                    Target ID:1
                    Start time:11:31:12
                    Start date:08/10/2024
                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    Wow64 process (32bit):true
                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Scan.eml"
                    Imagebase:0xd00000
                    File size:34'446'744 bytes
                    MD5 hash:91A5292942864110ED734005B7E005C0
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:3
                    Start time:11:31:22
                    Start date:08/10/2024
                    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6905CA56-0DBE-45BE-B185-4C7F4BCE2084" "6126A9A0-BD64-40E7-8AA6-D088F06840D5" "8124" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                    Imagebase:0x7ff65ba60000
                    File size:710'048 bytes
                    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    No disassembly